aws-sam-cli: aws-sam-cli-managed-default stack rolled back with "The specified bucket is not valid" error

Description:

When setting up a new sam project using sam init, then sam build and then sam deploy --guided, the CloudFormation process fails with:

Error: Failed to create managed resources: Waiter StackCreateComplete failed: Waiter encountered a terminal failure state: For expression "Stacks[].StackStatus" we matched expected path: "ROLLBACK_COMPLETE" at least once

Steps to reproduce:

$ sam init
Which template source would you like to use?
	1 - AWS Quick Start Templates
	2 - Custom Template Location
Choice: 1
What package type would you like to use?
	1 - Zip (artifact is a zip uploaded to S3)
	2 - Image (artifact is an image uploaded to an ECR image repository)
Package type: 1

Which runtime would you like to use?
	1 - nodejs14.x
	2 - python3.9
	3 - ruby2.7
	4 - go1.x
	5 - java11
	6 - dotnetcore3.1
	7 - nodejs12.x
	8 - nodejs10.x
	9 - python3.8
	10 - python3.7
	11 - python3.6
	12 - python2.7
	13 - ruby2.5
	14 - java8.al2
	15 - java8
	16 - dotnetcore2.1
Runtime: 1

Project name [sam-app]: github-test-case

Cloning from https://github.com/aws/aws-sam-cli-app-templates

AWS quick start application templates:
	1 - Hello World Example
	2 - Step Functions Sample App (Stock Trader)
	3 - Quick Start: From Scratch
	4 - Quick Start: Scheduled Events
	5 - Quick Start: S3
	6 - Quick Start: SNS
	7 - Quick Start: SQS
	8 - Quick Start: Web Backend
Template selection: 1

    -----------------------
    Generating application:
    -----------------------
    Name: github-test-case
    Runtime: nodejs14.x
    Dependency Manager: npm
    Application Template: hello-world
    Output Directory: .

    Next steps can be found in the README file at ./github-test-case/README.md

$ cd github-test-case
$ sam deploy --guided --debug
2021-09-04 22:54:55,157 | Telemetry endpoint configured to be https://aws-serverless-tools-telemetry.us-west-2.amazonaws.com/metrics
2021-09-04 22:54:55,158 | Using config file: samconfig.toml, config environment: default
2021-09-04 22:54:55,158 | Expand command line arguments to:
2021-09-04 22:54:55,158 | --guided --template_file=/Users/nrj/Projects/github-test-case/template.yaml --stack_name=sam-app --fail_on_empty_changeset

Configuring SAM deploy
======================

	Looking for config file [samconfig.toml] :  Not found

	Setting default arguments for 'sam deploy'
	=========================================
	Stack Name [sam-app]: github-test-case
	AWS Region [eu-west-2]:
2021-09-04 22:55:01,053 | No Parameters detected in the template
2021-09-04 22:55:01,080 | 2 stacks found in the template
	#Shows you resources changes to be deployed and require a 'Y' to initiate deploy
	Confirm changes before deploy [y/N]:
	#SAM needs permission to be able to create roles to connect to the resources in your template
	Allow SAM CLI IAM role creation [Y/n]:
2021-09-04 22:55:03,600 | No Parameters detected in the template
2021-09-04 22:55:03,628 | 2 resources found in the stack
2021-09-04 22:55:03,628 | No Parameters detected in the template
2021-09-04 22:55:03,651 | Found Serverless function with name='HelloWorldFunction' and CodeUri='hello-world/'
2021-09-04 22:55:03,651 | --base-dir is not presented, adjusting uri hello-world/ relative to /Users/nrj/Projects/github-test-case/template.yaml
2021-09-04 22:55:03,651 | No Parameters detected in the template
2021-09-04 22:55:03,675 | Detected Inline Swagger definition
2021-09-04 22:55:03,675 | Auth checks done on swagger are not exhaustive!
	HelloWorldFunction may not have authorization defined, Is this okay? [y/N]: y
2021-09-04 22:55:05,117 | No Parameters detected in the template
2021-09-04 22:55:05,148 | 2 resources found in the stack
2021-09-04 22:55:05,148 | No Parameters detected in the template
2021-09-04 22:55:05,171 | Found Serverless function with name='HelloWorldFunction' and CodeUri='hello-world/'
2021-09-04 22:55:05,171 | --base-dir is not presented, adjusting uri hello-world/ relative to /Users/nrj/Projects/github-test-case/template.yaml
2021-09-04 22:55:05,171 | No function or layer definition found with code sign config, skipping
	Save arguments to configuration file [Y/n]:
	SAM configuration file [samconfig.toml]:
	SAM configuration environment [default]:

	Looking for resources needed for deployment:
2021-09-04 22:55:08,406 | Managed S3 stack [aws-sam-cli-managed-default] not found. Creating a new one.
	Creating the required resources...
2021-09-04 22:55:39,246 | Failed to create managed resources
Traceback (most recent call last):
  File "/usr/local/Cellar/aws-sam-cli/1.30.0/libexec/lib/python3.8/site-packages/samcli/lib/utils/managed_cloudformation_stack.py", line 107, in _create_or_get_stack
    stack = _create_stack(
  File "/usr/local/Cellar/aws-sam-cli/1.30.0/libexec/lib/python3.8/site-packages/samcli/lib/utils/managed_cloudformation_stack.py", line 180, in _create_stack
    stack_waiter.wait(StackName=stack_id, WaiterConfig={"Delay": 15, "MaxAttempts": 60})
  File "/usr/local/Cellar/aws-sam-cli/1.30.0/libexec/lib/python3.8/site-packages/botocore/waiter.py", line 53, in wait
    Waiter.wait(self, **kwargs)
  File "/usr/local/Cellar/aws-sam-cli/1.30.0/libexec/lib/python3.8/site-packages/botocore/waiter.py", line 350, in wait
    raise WaiterError(
botocore.exceptions.WaiterError: Waiter StackCreateComplete failed: Waiter encountered a terminal failure state: For expression "Stacks[].StackStatus" we matched expected path: "ROLLBACK_COMPLETE" at least once
2021-09-04 22:55:39,248 | Sending Telemetry: {'metrics': [{'commandRun': {'requestId': 'db327d08-08a0-4f89-8a28-983e73244651', 'installationId': 'ff7e8c7e-a91e-453d-a62a-c57922b8ef47', 'sessionId': '23501a9e-26a9-428b-a77a-4761f0c4f8f3', 'executionEnvironment': 'CLI', 'ci': False, 'pyversion': '3.8.12', 'samcliVersion': '1.30.0', 'awsProfileProvided': False, 'debugFlagProvided': True, 'region': '', 'commandName': 'sam deploy', 'duration': 44088, 'exitReason': 'ManagedStackError', 'exitCode': 1}}]}
2021-09-04 22:55:39,955 | HTTPSConnectionPool(host='aws-serverless-tools-telemetry.us-west-2.amazonaws.com', port=443): Read timed out. (read timeout=0.1)
Error: Failed to create managed resources: Waiter StackCreateComplete failed: Waiter encountered a terminal failure state: For expression "Stacks[].StackStatus" we matched expected path: "ROLLBACK_COMPLETE" at least once

Observed result:

The following error on the CLI:

Error: Failed to create managed resources: Waiter StackCreateComplete failed: Waiter encountered a terminal failure state: For expression "Stacks[].StackStatus" we matched expected path: "ROLLBACK_COMPLETE" at least once

An event on SamCliSourceBucketBucketPolicy in status CREATE_FAILED with error:

The specified bucket is not valid. (Service: Amazon S3; Status Code: 400; Error Code: InvalidBucketName; Request ID: RT87VR3Q5R82GMEN; S3 Extended Request ID: rD6481ZT7Xx0iMSXqKLIOg7Hwz/5PKMjA/FKqWze8fl7AQ16NCaDRnMuIEL5O0zrFQyQPnHonhU=; Proxy: null)

Expected result:

I’m not familiar with this tool, but I assume a working project?

Additional environment details (Ex: Windows, Mac, Amazon Linux etc)

  1. OS: macOS 11.5.1 (20G80)
  2. sam --version: SAM CLI, version 1.30.0
  3. AWS region: eu-west-2

About this issue

  • State: closed
  • Created 3 years ago
  • Reactions: 16
  • Comments: 21 (4 by maintainers)

Most upvoted comments

Fix has been released in 1.31.0. https://github.com/aws/aws-sam-cli/releases/tag/v1.31.0 Please run sam delete --stack-name aws-sam-cli-managed-default to remove the broken managed stack before going through guided deploy or --resolve-s3 again.

I’ve also encountered this issue on SAM CLI, version 1.40.1, but it was a permission issue in the account I was using. My role didn’t have the correct S3 permissions to create an encrypted bucket, which caused that default sam stack to fail. Or in some cases it could also be an SCP preventing encryption changes.

https://stackoverflow.com/questions/69839126/aws-iam-s3-error-putting-s3-server-side-encryption-configuration-accessdeni
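
The waiter error only reports ROLLBACK_COMPLETE; the actual cause sits in the stack events, as both the issue's observed result and the permission comment above show. The following is an added example (not SAM CLI code) that picks the root-cause event out of a list shaped like CloudFormation's DescribeStackEvents response. The sample events are constructed, and the `SamCliSourceBucket` logical ID and the Access Denied reason text are assumptions.

```python
from datetime import datetime, timezone

# Reason substrings mapped to the two causes reported in this thread.
KNOWN_CAUSES = [
    ("InvalidBucketName", "SAM CLI 1.30.0 managed-stack bug, fixed in 1.31.0"),
    ("Access Denied", "role permissions or an SCP block an S3 action"),
]

def root_cause_failures(stack_events):
    """Return (logical_id, cause, reason) per genuine failure, oldest first."""
    findings = []
    for ev in sorted(stack_events, key=lambda e: e["Timestamp"]):
        reason = ev.get("ResourceStatusReason", "")
        if ev["ResourceStatus"] != "CREATE_FAILED":
            continue  # rollback and success events carry no root cause
        if "Resource creation cancelled" in reason:
            continue  # collateral of another resource's failure
        cause = next((c for needle, c in KNOWN_CAUSES if needle in reason),
                     "unclassified, read the reason text")
        findings.append((ev["LogicalResourceId"], cause, reason))
    return findings

def ts(second):
    return datetime(2021, 9, 4, 21, 55, second, tzinfo=timezone.utc)

# Constructed events, newest first as the API returns them. The first reason
# is abridged from the issue; the second is an assumed Access Denied message.
BUG_EVENTS = [
    {"Timestamp": ts(30), "LogicalResourceId": "aws-sam-cli-managed-default",
     "ResourceStatus": "ROLLBACK_IN_PROGRESS",
     "ResourceStatusReason": "The following resource(s) failed to create: "
                             "[SamCliSourceBucketBucketPolicy]."},
    {"Timestamp": ts(29), "LogicalResourceId": "SamCliSourceBucketBucketPolicy",
     "ResourceStatus": "CREATE_FAILED",
     "ResourceStatusReason": "The specified bucket is not valid. (Service: "
                             "Amazon S3; Status Code: 400; Error Code: InvalidBucketName)"},
    {"Timestamp": ts(20), "LogicalResourceId": "SamCliSourceBucket",
     "ResourceStatus": "CREATE_COMPLETE"},
]
PERMISSION_EVENTS = [
    {"Timestamp": ts(21), "LogicalResourceId": "SamCliSourceBucket",
     "ResourceStatus": "CREATE_FAILED",
     "ResourceStatusReason": "API: s3:SetBucketEncryption Access Denied"},
]

if __name__ == "__main__":
    for events in (BUG_EVENTS, PERMISSION_EVENTS):
        for logical_id, cause, reason in root_cause_failures(events):
            print(f"{logical_id}: {cause}\n  {reason}")
```

With real data, pass the `StackEvents` list for aws-sam-cli-managed-default, fetched in the region where the managed stack failed.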

thank you so much.

Thanks for opening the issue! We are looking into the fix.

In the meantime, if you are using pip or our installers, one can downgrade to the previous version of SAM CLI where this functionality is not present and then use sam delete to delete the managed stack. It's important that you delete the managed stack in the region where the creation of the managed stack failed.

sam delete --stack-name aws-sam-cli-managed-default

and let sam cli re-create it during guided deploy process.

I have also encountered the same issue on SAM CLI, version 1.46.0. I have also run the sam delete --stack-name aws-sam-cli-managed-default command; it does delete the stack, but sam deploy --guided still didn’t work. @yobooooi thanks, this link https://stackoverflow.com/questions/69839126/aws-iam-s3-error-putting-s3-server-side-encryption-configuration-accessdeni worked for me as well.

@AllanOricil Unfortunately --guided by design uses the managed s3 bucket so ignoring the input s3 location is expected. But we do see this as a feature request so if we support this in the future we’ll try to let you know!

The same issue. SAM CLI, version 1.30.0

Workaround:

aws s3 mb s3://my-bucket-for-sam 
sam deploy --s3-bucket my-bucket-for-sam --stack-name sam-app --capabilities CAPABILITY_IAM

@sriram-mv, could you please advise where previous version(s) of an installer for Windows can be found? Documentation does not mention any.

@pfilaretov you can find them under the releases in this same repo.

https://github.com/aws/aws-sam-cli/releases

I’m also having the same issue - SAM CLI, version 1.30.0 - cn-north-1 and cn-northwest-1

I tested with SAM CLI, version 1.29.0 - cn-north-1 and cn-northwest-1 and it worked.